You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/04/30 19:10:12 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.c
jwoolley 02/04/30 10:10:12
Modified: . CHANGES
modules/ssl mod_ssl.c
Log:
Revert optimization from circa 2.0.34 that caused very long vhost id's
to be unusable with mod_ssl.
PR: 8572
Revision Changes Path
1.749 +5 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.748
retrieving revision 1.749
diff -u -d -u -r1.748 -r1.749
--- CHANGES 30 Apr 2002 14:20:28 -0000 1.748
+++ CHANGES 30 Apr 2002 17:10:11 -0000 1.749
@@ -1,5 +1,10 @@
Changes with Apache 2.0.37
+ *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
+ as the session id context rather that a MD5 hash of that vhost ID,
+ because it caused very long vhost id's to be unusable with mod_ssl.
+ PR 8572. [Cliff Woolley]
+
*) Fix the link to the description of the CoredumpDirectory
directive in the server-wide document. PR 8643. [Jeff Trawick]
1.64 +6 -4 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -d -u -r1.63 -r1.64
--- mod_ssl.c 7 Apr 2002 03:37:35 -0000 1.63
+++ mod_ssl.c 30 Apr 2002 17:10:12 -0000 1.64
@@ -279,6 +279,7 @@
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSL *ssl;
SSLConnRec *sslconn = myConnConfig(c);
+ char *vhost_md5;
modssl_ctx_t *mctx;
/*
@@ -334,12 +335,13 @@
return DECLINED; /* XXX */
}
- if (!SSL_set_session_id_context(ssl,
- (unsigned char *)sc->vhost_id,
- sc->vhost_id_len))
+ vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len);
+
+ if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
+ MD5_DIGESTSIZE*2))
{
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to set session id context to `%s'", sc->vhost_id);
+ "Unable to set session id context to `%s'", vhost_md5);
c->aborted = 1;
Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c
Posted by Cliff Woolley <jw...@virginia.edu>.
On 30 Apr 2002 jwoolley@apache.org wrote:
> jwoolley 02/04/30 10:10:12
>
> Modified: . CHANGES
> modules/ssl mod_ssl.c
> Log:
> Revert optimization from circa 2.0.34 that caused very long vhost id's
> to be unusable with mod_ssl.
>
> PR: 8572
I'm ambivalent about whether this should go into 2.0.36. I don't see any
harm in it -- the equivalent code was in 2.8.x for ages (and still is
today). At the same time, it's an edge case. I leave it to Sander's
discretion.
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA